Lucene search

PRIOn knowledge basePRION:CVE-2014-1296

HistoryApr 23, 2014 - 11:52 a.m.

Design/Logic Flaw

2014-04-2311:52:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header’s value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.

CPENameOperatorVersion
iphone_oseq7.0.4
iphone_osle7.1
iphone_oseq7.0.5
iphone_oseq7.0.6
iphone_oseq7.0.1
iphone_oseq7.0.2
iphone_oseq7.0
iphone_oseq7.0.3
mac_os_xeq10.8.3
mac_os_xeq10.8.5 supplemental-update

Name	Operator	Version
iphone_os	eq	7.0.4
iphone_os	le	7.1
iphone_os	eq	7.0.5
iphone_os	eq	7.0.6
iphone_os	eq	7.0.1
iphone_os	eq	7.0.2
iphone_os	eq	7.0
iphone_os	eq	7.0.3
mac_os_x	eq	10.8.3
mac_os_x	eq	10.8.5 supplemental-update

Rows per page:

1-10 of 341

References

archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

archives.neohapsis.com/archives/bugtraq/2014-04/0135.html

archives.neohapsis.com/archives/bugtraq/2014-04/0136.html

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for PRION:CVE-2014-1296